Eight Ways to Improve Your Cyber-Security Spending
Dollars spent on cyber-security are most productive when allocation is based on specific business risks. However, only 38% of respondents say they have a method for prioritizing security investments based on the greatest risk and impact on the organization’s business strategy.
No single methodology for strategic spending works for everyone, but enterprises should allocate resources based on risk, regardless of industry and location.
The scope and duration of cyber-security initiatives should be less than the typical three- to five-year business plans. That way, organizations can quickly address threats as they increase and evolve.
Rather than emphasizing prevention, organizations should fund processes that integrate predictive, preventive, detective and incident-response capabilities to minimize impact.
Organizations should spend their money on people and process capabilities that enable them to respond quickly and mitigate incidents.
It is critical to invest in resources that identify and classify the most viable information assets, and to determine where they are and who has access to them.
Identify and classify assets to help IT and business executives determine how much to invest in cyber-security. Organizations should also consider the quality and end-to-end strategy of their investments.
Don’t just deploy network-monitoring technologies, for example. Ensure adequate funding for data analytics that enable cyber-security personnel to discover patterns in anomalous network behavior and to act on these insights.